I'm not sure I understand - A and B are in front of the firewall/nat, and C is behind it? And A and C are the "real" mpi processes, and B is just a proxy?

I'm not sure why you'd need a communication proxy to send all traffic thru; what you really need is something like a connection manager proxy on each side where initiation requests cannot (easily) flow, and maintain some kind of communication with it to the other side. For example, if you have a 1-way firewall (i.e., connection requests can flow from A to B but not from B to A), then during startup you need to establish a CM proxy on the same side as A and establish a socket to it to the B side (perhaps to an orted?).

A can always connect to B, but if B wants to connect to B, it would initiate the sequence by sending a request to the CM. The CM would then tell A to connect to B.

Or maybe if you can establish oob communication between all procs, the B can just OOB send to A and say "hey, open a connection back to me because I can't open a connection to you."

I left out lots of details because I'm typing on my blackberry; but it gives you the flavor of the issues involved.

-jms
Sent from my PDA. No type good.


From: devel-bounces@open-mpi.org <devel-bounces@open-mpi.org>
To: Open MPI Developers <devel@open-mpi.org>
Sent: Tue Apr 27 22:38:22 2010
Subject: Re: [OMPI devel] How is a MPI process launched ?

Hi Jeff, 

Sorry, can't use IPv6 right now but may be in the future. 

When you're talking to someone behind NAT (or any type of firewall), how do you know to whom you're actually talking?

If Machine A can talk to machine C in front of NAT and that machine can relay the data packet to the machine B behind the NAT. From Machine A perspective won't it be just like talking to machine B. May be use IPTABLES to specify the route on the port range. 

There are ways, of course, but it's quite complicated if connection initiation can effectively only flow in one direction. 
Jeff, can you tell me the most simple way. It does not have to be perfect. 

Thanks


From: Jeff Squyres <jsquyres@cisco.com>
To: Open MPI Developers <devel@open-mpi.org>
Sent: Tue, 27 April, 2010 9:12:07 PM
Subject: Re: [OMPI devel] How is a MPI process launched ?

On Apr 27, 2010, at 10:06 AM, Leo P. wrote:

> Ralph has talked about the other parts already; so I'll ask about the BTL: what type of network are you looking to route via the BTL?
>
> I am talking about two different network using a private IP and all the communication being routed through a NAT router

There's a bunch of issues with this; I know that the U. Tennessee and INRIA folks have dug into at least some of them.

When you're talking to someone behind NAT (or any type of firewall), how do you know to whom you're actually talking?  There are ways, of course, but it's quite complicated if connection initiation can effectively only flow in one direction.

Can you just use IPv6?

--
Jeff Squyres
jsquyres@cisco.com
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/


_______________________________________________
devel mailing list
devel@open-mpi.org
http://www.open-mpi.org/mailman/listinfo.cgi/devel